What is continuous KYC?
Continuous KYC (cKYC) is a term coined to reflect the transition from conducting inefficient, costly periodic client reviews and remediation projects, to understanding the customers’ risk profile throughout the relationship or lifecycle. With the relevant insight, compliance teams can prioritise their focus to ensure compliance is no longer a tick box exercise.
Traditional KYC focuses on knowing your customer’s risk status in a snapshot of time at the point of onboarding. However, as we know, a client’s risk is never static. In contrast, KYC takes a proactive approach to manage risk at all times. By applying Software as a Service monitoring tools and processes, compliance officers can understand their clients changing profiles in real-time and make data-driven decisions on reducing the overall burden of KYC. Compliance efforts can then be focused where appropriate, depending on the firm’s appetite to risk.
The problem with traditional KYC & client reviews
Traditional KYC focuses on the element of onboarding a customer and fulfilling the necessary due diligence. After this, the client account is often left untouched until the organisation schedules its next periodic review or remediation project, in either 1, 3 or 5-year intervals.
Regulated firms typically manage to scrape through their one-year review cycles for their high-risk customers but rarely complete their 3 and 5-year cycles for medium and low-risk customers, respectively.
The time, and staff resources, required to conduct a periodic review are extensive. The traditional response to tackle the problem of client reviews has been to throw more people and money at the problem to resolve it.
This is the way it’s always been done for years. So why change? In a post-pandemic world, where the economy is volatile, your clients’ risk status is constantly changing, and your budgets have probably been reduced. Your sales team is demanding better processes to onboard as many customers as quickly as possible without a thought to the ongoing risk that customers may have to your business. The current approach to KYC and scheduled client review is now unsustainable.
Increasing risk of periodic client reviews
In a digital era, where new financial crime threats are emerging on a regular basis KYC periodic reviews are now outdated. A true risk-based approach is knowing your customers on an ongoing basis and understanding when something has changed in real-time, and evaluating the risk appropriately.
Not understanding a change in your client risk-profile when it actually happens – is simply inadequate in the modern world of immediacy.
Below are some examples of scenarios that demonstrate this point:
- Your ‘low-risk’ client moves to another country, and that country happens to be the high risk country of Panama. You may not be aware of the location change until the next scheduled periodic review which takes place in 2-3 years. This delay could cost the business in non-compliance, repetitional damage as well as costly fines.
- What happens if the ultimate beneficial owner changes in a client account and that UBO happens to be on the PEPs register, not understanding this change when it happens can have serious consequences.
- A significant shareholder in your client’s business reorganises their shares and makes use of a trust arrangement in an off-shore location.
Move towards a better approach with continuous KYC
Automated alert threat monitoring
Low risk changes can be flagged and added to the customer risk profile with automated threat monitoring. This enables customer review for both Investigative purposes as well as control purposes. Ensuring you have the most up-to-date information is critical for ongoing compliance and preventing risk and true threats, such as change of ownership to a high-risk country, for example, that would absolutely require further investigation or action
Constant dynamic risk scoring that takes a data-driven and risk-based approach, across all KYC and CDD activities, can also be achieved with continuous monitoring.
Currently customer risk assessment is very static. Although we have moved away from the Excel spreadsheets and paper based processes there is some way to go before achieving the nirvana of perpetual KYC.
Customer risk assessment needs to be dynamic to bring into account the customers transactions or their behaviour and the expressed risk of the customer relationship, instead of just the inherent risk.
Single Dynamic CRM
With a single data point or CRM repository that has the ability to dynamically update internal and external data changes there are huge operational efficiencies to be had, both in time and money. Continuous KYC can also deliver simplified enhanced due diligence by monitoring the entirety of your customer network, automatically flagging any potential risk only and perform enhanced due diligence based on exceptions.
Deliver customer-centric continuous KYC compliance
Currently KYC is viewed as solely a compliance activity, being carried out for the purpose of complying with regulations and knowing your customer from a control point of view, but not really from a competitive advantage or customer focussed approach.
However If you look at new entrants within the FinTech and technology space, these companies are really innovating how they use KYC to set their customer experience apart.
Take Monzo, Starling or Revolute who treat KYC onboarding and continued monitoring as a way to retain and interact with customers, rather than something that is onerous and difficult for that customer.
In today’s digital and demand-driven world compliance goes beyond a set of processes and instead should be insight-driven to provide new opportunities to drive customer focussed decisions. With the clever use of API driven technologies, machine learning and rules engines it means that cKYC is now achievable for all.
The time for maintaining the status quo or taking incremental steps in the face of industry disruption has passed and should be replaced by a dynamic approach to cKYC.
The past 12 months have highlighted that businesses can adapt and deploy digital processes far quicker than their roadmap had originally scoped. As a result, the need to reduce unnecessarily and repeated labour-intensive processes has never been more important.
By taking a transformational approach to continuous customer due diligence in your business, you can deliver a better relationship with your customer and avoid costly manual processes for monitoring and remediation.